A high-tech global manufacturer found its ERP was in violation of the Sarbanes-Oxley Act due to numerous unknown and un-auditable Segregation of Duties (SoD) risks. These risks resulted from users having inappropriate and often unnecessary ERP permissions. The company realized this access needed to be redesigned and enterprise-wide controls put in place to mitigate the SoD risks. The company needed consulting support to work with internal stakeholders, oversee the work of a security firm, and ensure the redesign was implemented.
Pepper Foster worked closely with the security firm to adjust and implement a project plan. This plan ensured the project was completed in time to perform an ERP access audit before year-end. We led the technical team and facilitated design conversations between the security firm and the client’s stakeholder team, which was made up of executive sponsors and global business representatives from each enterprise sector. Pepper Foster also drove user testing, facilitated conversations about mitigating controls, planned the release, and communicated support plans to over 3,000 users for the cutover, which occurred just prior to a quarter-end close.
All 3,000 ERP users have updated permissions so that access is appropriate to their job responsibilities. All SoD risks in the ERP have mitigating controls in place. Quarterly access audits have been implemented and the client’s ERP is on track to be clear of its Sarbanes-Oxley violation.